Last updated on July 28th, 2022 at 12:48 am
Beastmode Botnet, a variant of the Mirai Botnet, has been observed exploiting security vulnerabilities in Totolink routers to expand its access to vulnerable systems and perform denial-of-service attacks.
The security vulnerabilities in Totolink routers, tracked as CVE-2022-26210, CVE-2022-26186, CVE-2022-25075 and CVE-2022-25084, are command injection vulnerabilities that could allow arbitrary code execution.
[Figure: snippets showing the execution of the Beastmode Botnet with different filenames and parameters]
Beastmode has also been observed exploiting vulnerabilities found in TP-Link Tapo C200 IP cameras, Huawei HG532 routers, NUUO and Netgear video surveillance solutions, and discontinued D-Link products.
To avoid becoming a target of the attacks this botnet may carry out, it is recommended to immediately upgrade vulnerable versions to the current versions that fix the vulnerabilities. In addition, it is important to block the IoCs related to the Beastmode Botnet in the security solutions in use.